package com.free.interceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.free.annotation.IgnoreAuth;
import com.free.entity.TokenEntity;
import com.free.service.TokenService;
import com.free.utils.RRException;

/**
 * 
* @ClassName: AuthorizationInterceptor 
* @Description: TODO(权限验证) 
* @author wujie
* @email 602991693@qq.com 
* @date 2017年8月31日 下午1:55:15 
*
 */
@Component
public class AuthorizationInterceptor extends HandlerInterceptorAdapter {
	@Autowired 
	private TokenService tokenService;
	public static final String LOGIN_USER_KEY = "LOGIN_USER_KEY";
	
	@Override
	public boolean preHandle(HttpServletRequest request,HttpServletResponse response,Object handler)throws Exception{
		IgnoreAuth annotation;
		if(handler instanceof HandlerMethod){
			annotation = ((HandlerMethod) handler).getMethodAnnotation(IgnoreAuth.class);
		}else{
			return true;
		}
		//如果有@IgnoreAuth注解则不验证token
		if(annotation != null){
			return true;
		}
		//从header中获取token
		String token = request.getHeader("token");
		//如果header中不存在token，则从参数中获取token
		if(StringUtils.isBlank(token)){
			token = request.getParameter("token");
		}
		//如果token为空
		if(StringUtils.isBlank(token)){
			throw new RRException("token不能为空");
		}
		//查询token信息
		TokenEntity tokenEntity = tokenService.queryByToken(token);
		if(tokenEntity == null || tokenEntity.getExpireTime().getTime() < System.currentTimeMillis()){
			throw new RRException("token失效，请重新登录");
		}
		
		//设置userId到request中，后续根据userId，获取用户信息
		request.setAttribute(LOGIN_USER_KEY, tokenEntity.getUserId());
		return true;
	}
	
}
